ISO 27001

MainContent

Essentials

In today’s increasingly complex environment of Cloud-Based Computing and frequent data sharing between organizations, it has become important for many organizations to provide assurance to a 3rd party that they have a solid Information Security Program in place. One excellent way of accomplishing this is to pursue alignment with the ISO 27001 standard for managing information security.

27001 certification can help your organization provide customers with assurance that you have a well-functioning Security Program in place

SecureState is one of a handful of U.S. companies with certified ISO 27001 Auditors on staff

Benefits

The goal of the 27001 standard is to provide a framework for managing an information security program. At the heart of 27001 is the Deming cycle for quality assurance, which includes 4 phases:

Plan

Do

Check

Act

Following this process takes an organization out of the business of implementing tactical fixes to specific IT Security problems, and instead moves IT Security into a strategic position; with IT Security decisions aligned with the organizations Risk Tolerance, and approved by executive management. A Security Program which has implemented all of the components of 27001 has reached a fairly mature state, and should continue to improve from year to year.

Expertise

SecureState has a number of certified ISO 27001 Auditors on staff with deep knowledge of the standard, as well as the auditing process. More importantly, our staff members have extensive experience developing and building security programs both in alignment with the 27001 standard, and independently of it. By leveraging knowledge of both standards as well as successful real-world implementations, we are able to help a client build a useful, workable program while pursuing 27001 certification.

MainContentRight

Did You Know?

27001 certification is a requirement for access to the British N3 Healthcare network

27001 is the standard that organizations certify to, while 27002 is simply a list of controls that support 27001

27001 implementation projects typically take 9 – 12 months

RELATED:

Our Approach and Methodology

Tab1Content

SecureState approaches 27001 with a two-pronged approach. First, an ISO 27001 Readiness Assessment is performed to determine if 27001 certification is feasible for the client organization; and if so, what the timeframes and cost are likely to be for implementation. If the organization has not already identified the scope of its 27001 ISMS, SecureState will provide guidance here as well. Because 27001 is designed to be customized to align with an organization’s business goals and risk tolerance, each implementation is slightly different. For this reason, it is necessary to perform an initial assessment prior to tackling the large task of implementation.

If an organization chooses to pursue a 27001 program, SecureState will be engaged to assist in the 9 to 12 month process of ISMS implementation. Each project will slightly vary in which implementation tasks need to be performed, and where the organization most needs help. Some of the areas which SecureState can provide assistance include:

Project Management

27001 Pre-Audit

Incident Response Planning

Business Continuity Planning

Audit Program Development

Policies & Procedures

Documentation Format

Control Implementation

What Makes Us Different

Tab2Content

SecureState is one of a handful of U.S. companies with certified ISO 27001 Auditors on staff.

Our staff members are certified as Auditors and understand the certification process; however, their focus is on the successful implementation of a program.